chrony System clock synchronization client and server

3.5 net =1 3.5Version of this port present on the latest quarterly branch.

Maintainer: yonas@fizk.net

Port Added: 2014-04-08 17:07:07

Last Update: 2019-10-09 13:17:15

SVN Revision: 514143

License: GPLv2

Description:

chrony is a pair of programs which are used to maintain the accuracy of the system clock on a computer; the two programs are called chronyd and chronyc. chronyd is a daemon which runs in background on the system. It obtains measurements via the network of the system clock's offset relative to time servers on other systems and adjusts the system time accordingly. For isolated systems, the user can periodically enter the correct time by hand (using chronyc). In either case, chronyd determines the rate at which the computer gains or loses time, and compensates for this. chronyd implements the NTP protocol and can act as either a client or a server. chronyc provides a user interface to chronyd for monitoring its performance and configuring various settings. It can do so while running on the same computer as the chronyd instance it is controlling or a different computer. WWW: http://chrony.tuxfamily.org/

SVNWeb : Homepage

pkg-plist: as obtained via: make generate-plist

Expand this list (10 items)

1. /usr/local/share/licenses/chrony-3.5/catalog.mk
2. /usr/local/share/licenses/chrony-3.5/LICENSE
3. /usr/local/share/licenses/chrony-3.5/GPLv2
4. bin/chronyc
5. @sample etc/chrony.conf.sample
6. man/man1/chronyc.1.gz
7. man/man5/chrony.conf.5.gz
8. man/man8/chronyd.8.gz
9. sbin/chronyd
10. @dir(chronyd,chronyd) /var/db/chrony

Collapse this list.

Dependency lines:

• chrony>0:net/chrony

To install the port: cd /usr/ports/net/chrony/ && make install clean

To add the package: pkg install chrony

PKGNAME: chrony

Flavors: there is no flavor information for this port.

distinfo:

TIMESTAMP = 1564743396 SHA256 (chrony-3.5.tar.gz) = 4e02795b1260a4ec51e6ace84149036305cc9fc340e65edb9f8452aa611339b5 SIZE (chrony-3.5.tar.gz) = 458226

Dependencies

NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Build dependencies:

1. gmake : devel/gmake

Library dependencies:

1. libnettle.so : security/nettle
2. libedit.so.0 : devel/libedit

There are no ports dependent upon this port

Configuration Options

===> The following configuration options are available for chrony-3.5: DOCS=on: Build and/or install documentation EXAMPLES=on: Build and/or install examples IPV6=on: IPv6 protocol support NETTLE=on: Nettle crypto library support NSS=off: Add support for more hashing algorithms ===> Use 'make config' to modify these settings

USES:

cpe gmake libedit

Master Sites:

1. http://download.tuxfamily.org/chrony/

Drop the ipv6 virtual category for n* category as it is not relevant anymore

net/chrony: Update to 3.5

PR:		239596
Submitted by:	Colin T. <bugzilla@nulldir.e4ward.com>
Approved by:	maintainer timeout (yonas@fizk.net, >1 month)

Update security/nettle to 3.5.1

- Bump PORTREVISION of dependent ports for shlib change
- Fix build of devel/pijul [1]

Changes:	https://git.lysator.liu.se/nettle/nettle/blob/master/NEWS
PR:		238991
Exp-run by:	antoine
Thanks to:	tobik [1]

net/chrony: Fix chrony running as server and using bindaddress

On FreeBSD, sendmsg() fails when IP_SENDSRCADDR specifies a source
address on a socket that is bound to the address. This prevents a server
configured with the bindaddress directive from responding to clients.

Add a new variable to check whether the server IPv4 socket is not bound
before setting the source address.

PR:		233644
Submitted by:	Colin T <bugzilla@nulldir.e4ward.com>
Reported by:	ddrinnon@cdor.net
Approved by:	maintainer timeout (> 3 weeks)
Obtained
from:	https://git.tuxfamily.org/chrony/chrony.git/commit/?id=6af39d63aa9323b4b8c39efe24ae0c88c949a901

net/chrony: Update to 3.4

PR:		232823
Submitted by:	Colin T. <bugzilla@nulldir.e4ward.com>
Approved by:	maintainer timeout (yonas@fizk.net, >3 weeks)

Remove redundant DOCS, NLS, EXAMPLES, and IPV6 from OPTIONS_DEFAULT as they
are put there by the framework (see line 200 of Mk/bsd.options.mk), except
for `finance/quantlib' which makes very unorthodoxal usage of port options.

net/chrony: Update to 3.3

- Add explicit DOCS, EXAMPLES options
- Replace %%PREFIX%% in sample files
- Make sure chronyc is really linked with libedit from ports
- Add support for security/nettle and use it by default since chrony crashes
  on startup when built with NSS. [1]

PR:		227779, 223840 [1]
Submitted by:	takefu@airport.fm
Approved by:	maintainer

Add missing lib dependency in the original patch
Bump PORTREVISION

PR:		217691
Submitted by:	John Hein  <z7dr6ut7gs@snkmail.com>
Approved by:	Yonas Yanfa <yonas@fizk.net>

Makes the NSS dependency explicit, and perform cleanup
Bump PORTREVISION

Before this patch if nss is installed when crony is built, there's a silent lib
dependency on nss, and if nss is subsequently uninstalled chrony breaks.

NSS is now turned on by default adding support for a number of more modern
hashing algorithms than md5.

Cleanup:
 - --infodir is not a valid configure option (since 2.3 I think)
 - USES=localbase instead of LDFLAGS
 - add explicit --without-tomcrypt [1]
 - add support for passing chronyd_flags to chronyd in rc.d script
 - fix some hard-coded /usr/local in examples

PR:		217691
Submitted by:	John Hein <z7dr6ut7gs@snkmail.com>
Approved by:	Yonas Yanfa <yonas@fizk.net> (maintainer)

net/chrony: Remove dubious security warnings in pkg-message

PR:		223647
MFH:		2017Q4

- Update to 3.1

PR:		217573
Submitted by:	yonas@fizk.net(maintainer)

Update net/chrony: enable privilege separation and other minor changes.

- enables privilege separation
- removes the build dependency on asciidoctor
- removes the runtime dependency on makeinfo and readline
- add a runtime dependency on libedit
- do not install the HTML documentation (in favour of man pages)
- update the post-install message (pkg-message) in light of privilege separation
- set the permission of /var/db/chrony to the new "chronyd" user and group

PR:		216737
Submitted by:	maintainer
Approved by:	mat (mentor)
Differential Revision:	https://reviews.freebsd.org/D9570

Mark various ports broken on aarch64 and armv6.

Approved by:	portmgr (tier-2 blanket)

- Update to 3.0
- While here, add LICENSE_FILE and remove unneeded @dir

PR:		216184
Submitted by:	yonas@fizk.net (maintainer)

Do not use post-stage.  Use post-install instead.

The only reason to use post-stage is because the port needs to do
"things" at a later time, like some plist manipulation.
While there, fold post-install in do-install targets when they are
defined.

PR:		214780
Submitted by:	mat
Exp-run by:	antoine
Sponsored by:	Absolight

net/chrony: update 2.4 -> 2.4.1

PR:		214749
Submitted by:	Yonas Yanfa <yonas@fizk.net> (maintainer)

net/chrony: 2.3 -> 2.4

Changes:
  http://chrony.tuxfamily.org/news.html

PR:		210190
Submitted by:	Yonas Yanfa <yonas@fizk.net> (maintainer)

- Remove ONLY_FOR_ARCHS restriction as chronyd(8) runs fine on PowerPC now
- Remove no-op OPTIONS_DEFAULT=IPV6, which was bogusly re-added in r416385
  by pi@ after it was previously removed by amdmi3@ in r416447
- Sanitize `post-stage' target recipe (still needs more work to decouple
  extra docs and examples properly and add them to OPTIONS_DEFINE)

Tested on:	Mac mini G4 (powerpc)

net/chrony: 2.2 -> 2.3

- submitter becomes maintainer after repeated maintainer timeouts

Enhancements
- Add support for NTP and command response rate limiting
- Add support for dropping root privileges on Mac OS X, FreeBSD, Solaris
- Add require and trust options for source selection
- Enable logchange by default (1 second threshold)
- Set RTC on Mac OS X with rtcsync directive
- Allow binding to NTP port after dropping root privileges on NetBSD
- Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port is disabled
- Resolve names in separate process when seccomp filter is enabled
- Replace old records in client log when memory limit is reached
- Don't reveal local time and synchronisation state in client packets

Remove NLS, DOCS, EXAMPLES and IPV6 from OPTIONS_DEFAULT, they are enabled by
default anyway and don't need to be listed

Approved by:	portmgr blanket

Update to upstream version 2.2; general cleanup

Detailed log by submitter:
- Update net/chrony to latest upstream version - 2.2
- install info
- point to /var/db instead of /var/lib (per hier(7))
- use doc/install-docs target; install more docs (PORTDOCS)
- use @sample to a sample .conf file (not for .keys which will require
  manual intervention); others in examples dir (use PORTEXAMPLES)
- rm old post-install target
- fix example files for freebsd/prefix paths & ntp server names, add
  info regarding how to do log rotation if logging turned on.

PR:		204817
Submitted by:	z7dr6ut7gs@snkmail.com
Approved by:	maintainer timeout

net/chrony: prefix fix, remove setuid-root mode

PR:		204018
Submitted by:	John Hein <z7dr6ut7gs@snkmail.com>
Reviewed by:	koobs
Approved by:	masaki@club.kyutech.ac.jp (maintainer timeout)

net/chrony: 1.31 -> 1.31.1

- Update to 1.31.1 to resolve CVE-2015-1799, CVE-2015-1821, and CVE-2015-1822
- Regenerate patches with `make makepatch` to quiet portlint
- Strip binaries

PR:		199508
Submitted by:	Jason Unovitch <jason.unovitch@gmail.com>
Approved by:	masaki@club.kyutech.ac.jp (maintainer timeout)

net/chrony: add CPE info

PR:		199513
Submitted by:	jbeich
Approved by:	portmgr blanket

- Update to 1.31 [1]

While here:

- Add makeinfo and readline uses
- Fix plist orphans

PR:		194079 [1]
Submitted by:	Kevin Thompson <antiduh at csh.rit.edu>
Approved by:	maintainer timeout

Some minor, non-functional wording and grammar nits.

Add a port of system clock synchronization client and server (chrony).

WWW: http://chrony.tuxfamily.org/

PR:	ports/174263

4 vulnerabilities affecting 12 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities

Last updated:
2019-10-19 10:52:46